data theft
Klue breach lead to Salesforce data theft, Huntress affected
Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across …
74,000 Fortinet firewall credentials exposed in FortiBleed data leak
A Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The …
Another healthcare firm attacked days after Novo Nordisk breach
Medical technology company iRhythm Holdings disclosed a cyberattack involving certain third-party-hosted business applications that resulted in the theft of patient protected …
Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert
A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google …
Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)
A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the …
New infostealer reaches enterprise devices through FortiClient EMS vulnerability
Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server …
TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed …
PureLogs infostealer is stealing credentials worldwide
A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, …
Attackers accessed, downloaded code from Grafana Labs’ GitHub
A threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization …
Attackers use MS Teams, fake mailbox repair utility to breach organizations
A threat group has penetrated corporate networks by impersonating IT helpdesk staff on Microsoft Teams, tricking employees into downloading malware and surrendering their …
Indirect prompt injection is taking hold in the wild
The open web is slowly but surely filling up with “traps” designed for LLM-powered AI agents. The technique, known as indirect prompt injection (IPI), involves …
Vercel breached via compromised third-party AI tool
Cloud deployment and hosting platform Vercel has suffered a security breach that resulted in attackers accessing some of its internal systems and compromising Vercel …
Featured news
Resources
Don't miss
- Where IT meets OT and railway cybersecurity gets harder
- Praxen: Open-source AI agent behavior verification
- Product showcase: How to evaluate AI SOC platforms and where Prophet AI leads
- What the Fortibleed campaign means for organizations running FortiGate firewalls
- A $1,400 experiment in AI security auditing outperformed OpenAI’s Codex Security